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Abstract— The Internet of Things has become a very important sector and has recognized to be a billion- 
dollar commerce. It is a large group of sensors and devices connected through wire or wireless and 
continuously shares data providing several benefits. Still, at the same time, the connectivity and its nature 
make it a target of cyber-attacks. These devices need to be secured. This paper proposes an intelligent 
model for securing IoT devices from such attacks. The authors used Gated Recurrent Unit (GRU) and Deep 
Neural Network (DNN) classifier, which has been trained and evaluated under the CICMAL2017 dataset. 
The performance of this model is assessed under all the standard evaluation metrics. The attained accuracy 
of our model is 99.3 %, with a precision of 99.7 %. Finally, to demonstrate the suggested model's efficacy, 


we compare it to alternative models. 
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I. INTRODUCTION 


The Internet of Things (IoT), defined as a global network of networked gadgets with unique addresses, has 
seen tremendous expansion in modern years. The devices of IoT can be categorized into two categories: 
edge devices and gateway devices. The gateways devices have significantly greater resources than the edge 
devices. The edge devices are primarily low-power devices which duty is to collect the data and send it to 
the gateway [1]. These devices use different communication protocols along with sensing features. Because 
of the increasing growth of data in IoTs, IoT networks are the target of a large variety of assaults and threats 
[2]. Around eighty percent of cybersecurity specialists attempt to resolve at least one security issue each 
day, while sixty percent of professionals spend one hour or two a day dealing with network operations and 
security [3]. Cyber-physical systems have advanced at a breakneck pace in recent years because of the 
advances in computing and hardware technology. Such advancements resulted in the growth of numerous 
attacks, such as making the resource of the system unavailable, known as DoS attack. The authors of [4] 
discussed the replay and deception attacks along with the detection techniques of these attacks on the 
industrial level. Different security measures apply to different types of protocol-following devices that must 
be adhered to. According to multiple research surveys, internet sensors could be installed in vehicles, 
furniture, and plants by the end of 2025. To safeguard the entire IoT infrastructure, no integrated strategy 


has yet been devised. Traditional strategies of intrusion detection are used to defend the system from 
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threats, and they work at the set-up level using IDS and IPS, Still, due to the heterogeneous and seamless 
nature of the devices of IoT, such security measures aren’t enough to protect them from attacks. In 
automatic malware detection, deep learning plays a critical role. Deep Learning is one of the most 
extensively used research topics, and as a result of its growing popularity, it has gotten a lot of attention 


and sparked a lot of applications in threat detection [5]. 


Deep learning-based security solutions exhibit excellent efficiency and accuracy in the case of threat 
detection in IoT environments. That's why the authors aim to use GRU and DNN classifiers for effective 


threat detection to secure the IoT environment. 


Il. RELATED WORK 


IoT is a networking environment in which physical items are incorporated into it in a method that they 
become dynamic members in this process. More than 46 billion devices of the IoT will be in operation by 
2021, according to Juniper. This includes devices and sensors, as well as acutators, and represents a 200 


percent growth over 2016 [6]. 


Certain real-time cyber security intrusion that are searched for by AV softwares are outlined in relation to 
the security difficulties faced in the IoT context. Numerous researches have used different techniques of 
deep learning for detecting threats and intrusions in IoT. In [7], the authors used a hybrid model of deep 


learning for threat detection in IoT by using a publicly available dataset for testing and training purposes. 


The authors achieve very efficient detection accuracy with very low testing time. Recurrent neural network 
(RNN) techniques were utilized by the authors in [8] to recognize and categorize attacks. The performance 
of RNN-based techniques and non-RNN techniques was compared. The authors offer a self-learning system 


in [9] with the goal of identifying corrupted/ compromised devices in an IoT environment. 


The authors used GRU classifier for this purpose. Some author authors used RF, SVM, LSTM, etc for 
intrusion detection. The authors of [10] aim to detect botnets by using LSTM classifies, which have been 


trained and tested on CVUT dataset. 


The models of deep learning have been proven to have a very good output when it comes to securing the 
infrastructures of the Internet of things. The author's anomaly detection technique detected DDoS attacks 


with an accuracy of 87.35 % is presented in [11]. 


Further, it presents a DL-based codetection model in conjunction with Snort IDS for detecting loT-based 
DDoS attacks. Finally, [12] generates a labeled behavioral data collection of IoT traffic, which includes both 


benign and malicious traffic. 


The dataset for this traffic was generated from a network of 83 devices. From the above discussion, it has 
been observed that deep learning can show an important role in IDS for extraordinary accuracy for 


detection of threats and intrusions. A complete literature review is shown in Table 1. 
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HiIl. METHODOLOGY 


This section consists of the proposed methodology with dataset description and proposed detection 


technique. 
Table 1: Existing Literature 
Ref Dataset Model Achievements Limitations 
7 CICHDS2018 | DNN- The authors achieved a The dataset is not explored properly 
GRU good detection accuracy 
10 | CVUT LSTM The model can detect The dataset lacks supportive features 
botnets at the packet level of IoT 
13. MovieLens CNN The proposed methodology | Imbalanced samples in the training set, 
10m and can detect the Basic CNN Structure. 
20m recommendation attack 
steadily and effectively 
14 | Data MLP Achieved an accuracy of 87 | The proposed method cannot detect 
Collected % the DDoS by imitating all of the 
from bitcoin features of the chunks formed when 
Network the attack happens 
15 ICSdatasets | DL- The proposed technique Accuracy of the proposed method 
based outperformed conventional | needs to be optimized, attack types 
cyber- classifiers along with locations need to be 
attack identified 
detection 
method 
for ICS 
16s Nine IoT DTL- The proposed method The proposed model requires added 
attack based significantly detects IoT time for the training of the model. 
detection approach | Attacks, thus improving the 
Datasets accuracy 
(MMD- 
AE) 
17 | NSL-KDD Deep Achieved a good accuracy This dataset lack supportive features 
Model of IoT. 
18 CTU13-ISOT  CNN- The model can detect The detection accuracy is low, and 
RNN botnets at the packet level time complexity is high 
19 | CVUT real- LSTM Achieved detection Unable to determine if a sample is 


time traffic 


A. Proposed Model 


accuracy is good 


benign or malicious. 


The current research proposes a deep learning practice for the detection of malware in the environment of 
IoT.The proposed model is shown in Figure 1. We have tested and trained the proposed models, GRU and 
DNN. The Detection accuracy is improved due to a lower number of false positives. To acquire efficient 
findings, the try-outs were repeated up to 40 epochs with 64 batch size. After multiple experiments, these 
best parametric values were discovered. For the purposes of implementation, we used the Keras Python 


framework with TensorFlow as the backend. We have further used a graphical processing unit (GPU) for 
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improved performance. In the proposed DL architecture, we have developed GRU and DNN models. GRU- 
DNN classifier was implemented for the training and testing of the model. A complete description of the 


model is shown in Table 2 
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Figure 1: Proposed detection scheme 
Table 2: Proposed Model Description 
Algorithm Layers Optimizer Neurons AF LF Epochs __ Batch-Size 
GRU (1) 100 Relu 
Dropout Admax 0.3 CC-E 40 64 
GRU Dense (3) 200,100,50 
Output (1) 07 Softmax 
DNN (1) 100 Relu 
DNN Dropout Admax 0.3 CC-E 40 64 
Dense (3) 200,100,50 
Output (1) 07 Softmax 
B. Dataset 


Selecting an appropriate dataset is the most important part of the research journey. As the accuracy of the 
results totally rely on the nature of the dataset, its features, and wholeness. For this research, the dataset 
utilized is provided by CICMAL17. The dataset comprises multiple output classes, i.e., Adware, 
Ransomweare, etc. All these different classes have been successfully identified in the confusion matrix of the 


implementation results. Complete detail of the dataset is given in Table 3 below. 


C. Feature Scaling 

There are multiple features that have been extracted from the dataset by using python. The extracted 
features of the dataset are shown in Table 3. The dataset contains a rich feature set consisting of more than 
80 features. MinMaxScaler function is used that is also Known as normalization function, and it transforms 


all the values in the range between (0 to 1) formula as shown in the equation below: 
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X;—min(xX 
Anew = ee (1) 


max(x)—min(x) 


Table3. Dataset Details 


PornDroid, pletor, charger family, wannaLocker, jisut 


Feiwo, koodus, selfmite, gooligan, kemoge 


AVpass, faketaobao, penetho, fakejoboffer 
SMS Malware Zsone, jifake, fakeinst, biige 





IV. RESULTS & DISCUSSION 
This section comprises the experimentation results and the discussion. In order to assess the model's 
performance, all of the standard evaluation metrics have been followed, e.g., accuracy, recall, F1-score, 


Confusion metric, TPR, TNR etc. 


Confusion Matrix, Cu-GRU Confusion Matrix, Cu-DNN 
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Figure 2: Confusion Metrics 


The confusion matrix is mostly used to classify objects. It depicts whether the planned output will consist 
of five or six classes. It is represented by a quadrilateral structure with rows and columns; hence, rows are 
the genuine classes of the images, while columns are the derived classes. The confusion metrics of the 
proposed models are shown in figure 2. For a systematic assessment, the projected work depicts the 
detection accuracy of the classifiers. The result clearly illustrates that the projected model has a 99.30 
percent accuracy, which is significantly superior than the other model. The accuracy was determined by 
applying the GRU and DNN algorithms to the dataset in order to train the threat detection algorithm. Our 
proposed model is quite efficient, as evidenced by the achieved accuracy. It further means that it is 99.30 


% accurate in terms of threat detection. The precision of the proposed model is 99.70 %. However, the DNN 
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achieved a precision of 96.80 %. Further, the F1 -score and recall of the GRU model is 99.20 % and 99.47 


%, respectively. The accuracy, precision, etc., is shown in figure 3. 
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Figure 3: Accuracy, precision of the models 


False discover rate (FDR), False positive rate (FPR), False negative rate (FNR), and False omission rate 
(FOR) are some of the evaluation metrics that are measured in the proposed study for a better estimation. 
Figure 4 demonstrates that our results had a Fpr of only 0.0035 percent, a Fnr of only 0.0023 percent, and 
FDR and FOR of only 0.028 and 0.0049 percent, respectively. 


The Matthews correlation coefficient (MCC) is a further reliable arithmetical rate that produces a high score 
only if the prediction is correct in all of the four areas of the confusion matrix. (TPR, FNR, TNR, and FPR). 
The TPR, TNR, and MCC were calculated using an uncertainty matrix. The values of the Tpr, Tnr, and Mcc 
of the models are clearly seen in Figure 5. The proposed model achieved the values of 99.33, 99.13, and 


98.03 percent. 
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Figure 4: FPR, FNR FDR of the models 
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Figure 5: TPR, TNR and MCC 


V. CONCLUSION 


The widespread connectivity and the heterogeneous nature of the IoT devices make them a target of 
numerous cyber-threats, and thus IoT necessitates a dependable, versatile, and secure infrastructure. The 
authors present a flexible and reliable model to protect the IoT environment and its devices from 
sophisticated threats, i.e, DoS, botnets, adware, and other malware. Deep learning has attracted the 
attention of the entire globe as a result of its advancement. In this research work, we have used two state- 
of-the-art classifiers, i.e., GRU and DNN, for the purpose of experimentation. The power of the GPU and the 
CPU have been used for testing purposes for improved performance. The architecture presented is both 
cost-effective and scalable. The proposed framewrok attained an accuracy of 99.30 percent 99.33 percent 
of TPR. The output validates the effectiveness of our projected model. In the future, the authors hope to 


leverage a variety of datasets and deep learning techniques to detect malware in IoT environments. 
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